What you need to know about OAuth 2.0 for incoming mail in Atlassian products

Both Microsoft and Google announced that they will be deprecating Basic Authentication from use on their respective mail servers, Exchange and Gmail.

Microsoft Exchange will disable Basic Authentication for newly created tenants by default and begin to disable Basic Authentication in tenants that have no recorded usage in October 2020. For current tenants still actively using Basic Authentication, Microsoft has decided to postpone end-of-support until the second half of 2021 in response to the impact of COVID-19. It is important to note that this is only affecting Microsoft Exchange Cloud. It will not affect Microsoft Exchange Server (on-premises). You can reference Microsoft’s official communications on the matter here, in their February update, and in their latest April update.

Gmail’s end-of-support was planned to happen in two phases, with the first occurring in June 2020, however they have since decided to suspend these deadlines until further notice per their update in March 2020. They want to minimize potential disruptions for their customers unable to complete migrations in this timeframe as customers focus on supporting a remote workforce.

In order to give you as much time as is needed to adequately plan for potential migrations, we will soon be adding OAuth 2.0 authentication methods for incoming email (so far using the IMAP and POP3 protocols) for Jira Software, Jira Service Desk, and Confluence. We will also be backporting the fixes to respective supported Enterprise releases. While we do not typically backport new functionality into our Enterprise releases, this integration is deemed essential given the material impact it may have on our products.

We will update this post with the respective fix versions and Enterprise releases once those are confirmed. We treat this work with highest priority and aim to provide the solution ahead of the deadlines set by Microsoft and Google so that you have time to upgrade. 

Should more information come on new deadlines set in place by Microsoft or Google, we will update the post accordingly. Their decisions to suspend certain deadlines will not impact our work to support OAuth 2.0 in impacted products.

OAuth 2.0 support will require you to make changes to the incoming mail settings and the way you configure the incoming email server. It's a good idea to plan to take the time after your upgrade to review the changes so that your instance's email handlers keep working. See below for a full run down of products that will have a material impact once Microsoft and Google’s respective end-of-support dates arrive. Please note that Bitbucket, Bamboo, FeCru and Crowd are not affected by this change.

Jira Software: If you’ve configured incoming mail servers for Jira using Microsoft or Google as mail service providers, you will need to configure the OAuth2.0 authentication method to allow users to create issues and comments via email. Here’s how:

  1. Upgrade to Jira Software (when OAuth 2.0 support is added, version TBA) or the latest bug fix version of the supported Enterprise releases (7.13 or 8.5).

  2. Configure the OAuth 2.0 authentication method (this step requires System admin rights).

  3. Reconfigure your mail servers to use OAuth 2.0 (this step remains available to Jira admins).

After these steps, users can create issues and comments via email.

Jira Service Desk:  If you’ve configured email channels for your projects using Microsoft or Google as mail service providers, you will need to configure the OAuth 2.0 authentication method to allow customers create requests via email. Here’s how:

  1. Upgrade to Jira Service Desk (when OAuth 2.0 support is added, version TBA) or the latest bug fix version of the supported Enterprise releases (3.16 or 4.5).

  2. Configure the OAuth 2.0 authentication method (this step requires System admin rights).

  3. Reconfigure your email channels to use OAuth 2.0 (this step remains available to Jira admins). Email channels are set up separately for each project.

  4. If you’ve also configured incoming mail servers for your Jira Core projects, you’ll need to reconfigure them, too.

Confluence: In Confluence, OAuth 2.0 support will require you to make changes to plugins that were previously disabled by default and support functionality like reply to comment via email. When we add OAuth 2.0 support to Confluence (TBA), these plugins will be automatically enabled and allow end users to create a space or page, or comment on a page, directly from their email. If you’ve previously enabled these plugins, you may need to review these changes before you upgrade.

For those who are interested, feel free to watch the following ticket for updates, EAP announcements and more: JRASERVER-63917.

13 comments

Patricia Francezi
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 11, 2020

Hi @Brian Keough - is Jira Cloud already prepared for the changes? - in your article you just mention the Server Instances...

Like Jonah McIntire likes this
Bob Regent
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 2, 2020

We have successfully configured incoming mail to work with OAuth 2.0 and MS mail, but we need to use it with service desk email channels. Currently in v4.10.0 ,  Microsoft is not an option in email channels.  Only Google is available to use with OAuth 2.0.  

Is Microsoft email planned for a future release, or can it be configured to work now?

Craig Shannon
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 13, 2020

Hi @Bob Regent,

We're actively working on adding Microsoft support just now in JSD and will be released very soon (planned well before the October deadline for basic auth on new Microsoft accounts being disabled).

Thanks,

Craig.

Jira Service Desk

Jonah McIntire
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 23, 2020

When will proper OAuth 2.0 email integration be in place for helpdesk via Cloud? Google stopped their less secure applications (what you call basic) access in March 2020. Its now end of July 2020. OAuth 2.0 isn't cutting edge, this is frankly an embarassment to not be supported right now. What's the timeline?

Jason D_Cruz
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 23, 2020

Hi @Jonah McIntire ,

I'm one of the product managers on Jira Service Desk Cloud.

Google have indefinitely postponed the disabling of access for less secure applications, you can read more about their decision here.

We are committed to bringing OAuth 2.0 functionality on Jira Service Desk Cloud for Google and will align our timelines to any revised dates provided. I'd request you to follow this ticket for updates on the timelines for OAuth 2.0 for Google.

Thanks,
Jason

Like Craig Shannon likes this
Jonah McIntire
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
August 6, 2020

@Jason D_Cruz with respect, the page you linked to is clear about why OAuth 2.0 is something Atlassian should be adding now, not at the last minute when Google or others force it. Here is their exact statement from the announced delay to ending support:

"Despite these timing adjustments, Google does not recommend the use of any application that does not support OAuth. We recommend that you switch to using OAuth authentication whenever possible for your organization. OAuth helps protect your account by helping us identify and prevent suspicious login attempts, and allows us to enforce G Suite admin-defined login policies, such as the use of security keys."

Google calls this form of integration "less secure apps" for a good reason. And they postponed their ending of support 45 days before it was scheduled to stop so Atlassian was already down to the wire on a ticket that was created in January 2018. 

Jason D_Cruz
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 6, 2020

Hi @Jonah McIntire , thank you for the comment. We are looking to move to OAuth 2.0 for both Google and Microsoft.

Regarding tiemlines, our current priority is to focus on completing the work for Microsoft due to a deadline in October that will impact both new and inactive Microsoft accounts. After that work is completed we would be in position to provide more concrete information around the plan for Google on JSD Cloud.

Muhammad Ramzan_Atlassian Certified Master_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 18, 2020

Oauth2 is not stable with Google. I have starter license and jira not allowing me to create the support ticket but its a bug on jira side and my system is getting field

 

I have created oauth2 and test connection is successfully.

But when trying to use on service desk project for email request, then giving error 

OAuth token not defined for connection. OAuth Authorisation required."

2020-08-18 11:02:01,277+0000 http-nio-8080-exec-18 ERROR Ramzan 662x250340x1 pc5x1d 46.152.45.18,127.0.0.1 /rest/servicedesk/1/servicedesk/NTEST/incomingemail/oauth/validateandsaveflow/0a95c98c-5ade-4391-93f4-129f897966f8 [internal.rest.emailchannel.EmailChannelResource] Failed to validate and save token: jep.mail.connection.verifier.unknown.error : 'Here's the error we received: "[AUTHENTICATIONFAILED] Invalid credentials (Failure)"'
Craig Shannon
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 18, 2020

Hi @Muhammad Ramzan 

Thanks for bringing this to our attention. I have replied to your question.

Thanks,

Craig.

Jira Service Desk

Like Andy Heinzer likes this
Scott Boisvert
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 18, 2021

Any idea when OAuth 2.0 will be available in Confluence?

Bojana August 4, 2021

Hi @Craig Shannon

@Jason D_Cruz 

@Brian Keough 

May I kindly ask you to update this post so it has most recent info? :)

Thanks in advance!

Like Tommy van Extel likes this
Tobias June 10, 2022

Hello @Brian Keough , @Craig Shannon
as customers, we would like to see what is going on behind the scenes at atlassian.

We are all about to move to Oauth 2.0 for all Atlassian products. Now we have not received an update for over a year. I would ask for an update to bring clarity to the customers.

We are less than 4 months away from the Basic Authentication shutdown.
So please give us an update on this article!

Thank you!

Like Tommy van Extel likes this
Tommy van Extel July 12, 2022

Really, still nothing on Confluence?

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events